In filebeat.yml i have set:
index: filebeat-app
yet in the json output there is nothing for index, and it still receives teh default logstash-$date index when inserted into elasticsearch.
output:
logstash:
hosts: ["logstash01:5044", "logstash02:5044", "logstash03:5044"]
# Number of workers per Logstash host.
worker: 16
# Set gzip compression level.
#compression_level: 3
# configure logstash plugin to loadbalance events between the logstash instances
loadbalance: true
# configure index prefix name
index: filebeat-app
I wouldn't use a monolithic index, use time based ones.
Otherwise how do you manage retention of old records?
Did you check the docs.
The index is exposed under [@metadata][beat] in logstash.
Sample elasticsearch output to use index name from beats:
output {
elasticsearch {
host => "localhost"
port => "9200"
protocol => "http"
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
This topic was automatically closed after 21 days. New replies are no longer allowed.